The British government’s latest study has revealed that despite a surge in ransomware attacks targeting organizations in the U.K., there is a significant lack of incident reporting by the victims. The government is contemplating a ban on public sector organizations from paying ransoms and is considering making incident reporting mandatory.
According to the report, there has been a concerning increase in ransomware attacks on U.K. organizations over the past year. The government surveyed over 2,000 businesses, 1,000 charities, and 500 education institutions as part of their annual cyber security breaches survey. While overall hacking incidents have decreased, ransomware attacks have seen a significant rise, with the percentage of ransomware crime increasing from less than 0.5% in 2024 to 1% in 2025.
Some high-profile ransomware incidents mentioned in the report include a hack on a National Health Service hospital in Northwest England, which forced the cancellation of outpatient appointments, and a hack on an IT vendor leading to blood shortages in U.K. hospitals. The report also highlighted that 4% of large businesses and 3% of medium businesses admitted to paying ransom to cybercriminals.
The study pointed out that external reporting of cyber breaches remains uncommon, with only a third of organizations having clear guidelines on when to report such incidents externally. Under current U.K. laws, organizations are required to report cyber incidents to the Information Commissioner’s Office within 72 hours only if personal data has been compromised.
One of the challenges identified by the U.K. government is the lack of comprehensive data on ransomware attacks, making it difficult to assess the full extent of the threat posed by hackers. In response to this, the government has proposed mandatory ransomware incident reporting and a potential ban on ransom payments. This proposal, expected to be part of the U.K. Cyber Security and Resilience Bill, would prohibit government agencies and operators of critical infrastructure from paying ransoms and would require them to report any incidents within 72 hours.
The government’s initiative aims to enhance cyber resilience and mitigate the impact of ransomware attacks on U.K. organizations. By enforcing stricter regulations on incident reporting and ransom payments, the government hopes to deter cybercriminals and strengthen the overall cyber security posture of the country.
As ransomware attacks continue to pose a significant threat to organizations worldwide, the U.K. government’s proactive approach towards combating such cyber threats is crucial in safeguarding the nation’s critical infrastructure and ensuring data security for businesses and individuals.